OpenStack Networking(neutron) is a pluggable, scalable and API-driven system for managing networks and IP addresses. It enables Network-Connectivity-as-a-Service for other OpenStack services, such as OpenStack Compute. Provides an API for users to define networks and the attachments into them. Has a pluggable architecture that support many popular networking vendors and technologies.
The network node runs the Networking plug-in and several agents that provision tenant networks and provide switching, routing, NAT, and DHCP services. It also handles external Internet connectivity for tenant virtual machine instances.
Juno manual gave the detailed installation steps, but I still met many problems, and even doubted whether the manual is right. Of course, the manual is right, but your physical network may not be the similar with that in the manual. For example, my network node only has two network interface cards, while that in Juno has three cards. To make some adaption according to your own network environment, firstly, the networking architecture of OpenStack should be fully understood. Figure 1 shows the network layout in Juno. Use it as an example to illustrate the network architecture in OpenStack.
It includes three separate networks:
Management network: used for connectivity for OpenStack nodes. Keystone uses this network to provide Identity, Token, Catalog and Policy services. Glance stores and retrieves virtual machine disk images.
Tunnel network: used for connectivity between VMs. The VMs in the entire OpenStack cluster transfer packets through this network, which will not affect management and external networks.
External network: used for external connectivity. It allows VMs to visit external internet or remotely access VMs by SSH.
The VMs on the compute nodes are connected to br-int(integration bridge), which links with br-tun(tunnel bridge). The tunnel network interface on the compute nodes is added to br-tun as a port for communicating with the network node.
On the network node, its tunnel network is also added to its br-tun as a port to connect the compute node and the network node. The br-tun transfers packets to br-int. In the br-int, there is a tenant router. The subnets created by tenants are attached to the router, and the ext-net(external network) is also attached to the router as its gateway. Through the br-ex(external bridge), the ext-net could access the external Internet by the external network interface on the compute node.
However, if the network node just has two NIC, we can make the tunnel network interface also work as the external network. When adding a port to the external bridge ovs-vsctl add-port br-ex INTERFACENAME, INTERFACENAME should be replaced by the tunnel network interface. At the same time, the ip of the tunnel network interface should be assigned to the br-ex as the following. The ext-net should be consisted with the tunnel network configuration.
1 | auto em1 |